websec

Abusing URL Shorteners to discover sensitive resources or assets · September 22, 2015 · websec bruteforce

Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions · July 16, 2015 · websec security tool

Introducing Websec Weekly · January 6, 2015 · websec bugbounty websec weekly

How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others. · May 3, 2014 · research websec logicflaw

Full Disclosure: Coinbase design allows for mass, targeted phishing of its users. · March 31, 2014 · logicflaw websec

Accessing PayPal’s internal network - the critical nature of SSRF · January 14, 2014 · research websec ssrf

I found Prezi’s source code · December 2, 2013 · research websec bugbounty

Practical uses of ClickJacking and Cross Origin Requests (OzBargain.com.au) · November 8, 2013 · clickjacking cors websec